Healthcare Information Security

Cybersecurity News

3 Key Steps for Stronger Data Security in Healthcare

As ransomware, DDoS attacks, and other threats against data security in healthcare increase, organizations need to take a comprehensive approach to keeping data protected.

Data security in healthcare requires a three-part strategy

Source: Thinkstock

- There was a recent Forbes article that analyzed the findings from the Office for Civil Rights (OCR), which looked at the total number of breaches and impacted people in 2015. So, what did OCR find?

In 2015, there were 253 healthcare breaches, impacting 500 people or more – with a combined loss topping out at 112 million records. To put that in perspective, the amount of breached records potentially impacted about 35 percent of the US population.

That said, it’s pretty clear that data security in the healthcare world continues to be a growing concern.

The digitization of the modern healthcare organization has fueled bad guys to go after more digital records. As a result, breaches are increasing, the value of data continues to go up, and security professionals are constantly battling to secure their data centers.

However, data and healthcare security do not have to be an overwhelmingly challenging process. In fact, over-thinking and complicating security can actually lead to holes and issues.

Leading security experts look at security from a truly holistic, big picture perspective to create easier security models for their clients. This can include automation, better auditing/logging, and improved data security mechanisms.

So, in a world of ransomware, DDoS attacks, and lost physical devices, here are three key steps in enabling a better security strategy in today’s digital world.

Connect with your users

This is such an important step and process. Leading healthcare security teams regularly meet and work with end-users from all departments within their organization. And, in working with these users, they learn quite a bit. They can see where processes lack efficiency, where there are random peripheral devices, how users are interacting with critical applications, where data is actually being stored, and what can be done to make the IT interaction process even better. Remember, users complain when there are issues. They don’t often let you know when things are working. It’s in those very situations that IT and security can become complacent; waiting for something to break. Connecting with your users prevents this from happening and allows security engineers to spot issues, even when things are “working.”

Have a complete backup strategy in place

I’ve seen some of the worst ransomware events turn into nothing because a healthcare organization had a fantastic backup strategy in place. There’s a very simple rule to follow when it comes to data security and backup: 3-2-1. That is – at least three different copies of your backup, stored on two different types of media, and at least one backup must be offsite. With that strategy, you must now test your backup. Make sure you can recover quickly. Just because your backup is working doesn’t mean you can restore efficiently. Legacy backup and tape systems can take a long time to recover. Some healthcare organizations are now leveraging encrypted all-flash arrays for super-fast backup and recovery. Furthermore, some are leveraging cloud, which are capable of housing PHI data. A good backup strategy can get you out of a lot of really bad situations. Again, just make sure it wall works well. 

Use adaptive, contextual security technologies

There are so many powerful tools that can help automate IT, enable better security practices, and lock down critical data and apps. Remember, there’s no silver bullet when it comes to security. This means that you need to look at supportive security systems to build out your overall security strategies. Contextual security helps you question and interrogate users, devices, services, and more that are coming into your environment. For example, many healthcare organizations already leverage Citrix. Do you have a NetScaler? Are you leveraging its contextual interrogation capabilities around remote users coming in? You can specify granular parameters like who is the user, what device are they coming in from, is it jailbroken, is the connection secure, is it a public WiFi, and much more. Or, if you already have Cisco, are you using the Identity Services Engine? Did you know that you can integrate these platforms together with systems like the NetScaler? Now, imagine an automated ecosystem that allows users to security pass externally and internally within the network. And, throughout the entire process you have visibility into user interaction, what they’re accessing, and how data is flowing. Furthermore, new types of end-point detection and response (EDR) systems are adding a direct compliment to end-user security. This means incorporating things like machine learning and even security AI. Get creative with the technologies you leverage and know that there are systems designed to make security more intelligent, automated, and easier to integrate.  

Again, healthcare data security doesn’t have to be a complicated process. Too often we over-engineer security solutions only to lose track of configurations and create issues around agility. Healthcare organizations must follow best practices when storing and distributing PHI or sensitive pieces of information.

The digitization of the healthcare world is inevitable; it’ll be up to security teams to ensure all of this digital content stays safe and resilient. Most of all, don’t take the digital security journey on your own. It’s not just about securing a network or a server any longer.

We now have to understand cloud delivery models, how users interact with data, and how to optimize the delivery of critical resources. Leverage key partners to help you create your own digital security strategy that takes users, their data, and your entire strategy into consideration.

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks